Add a FAQ
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
6f59b28ecd
commit
6842ce6432
50
docs/FAQ.xml
50
docs/FAQ.xml
@ -103,7 +103,7 @@
|
|||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="PortForwarding">
|
||||||
<title>Port Forwarding (Port Redirection)</title>
|
<title>Port Forwarding (Port Redirection)</title>
|
||||||
|
|
||||||
<section id="faq1">
|
<section id="faq1">
|
||||||
@ -605,6 +605,54 @@ to debug/develop the newnat interface.</programlisting></para>
|
|||||||
<section>
|
<section>
|
||||||
<title>Open Ports</title>
|
<title>Open Ports</title>
|
||||||
|
|
||||||
|
<section id="faq0">
|
||||||
|
<title>(FAQ 0) How do I Open Ports in Shorewall?</title>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Answer:</emphasis> No one who has installed
|
||||||
|
Shorewall using one of the <ulink
|
||||||
|
url="shorewall_quickstart_guide.htm">Quick Start Guides</ulink> should
|
||||||
|
have to ask this question.</para>
|
||||||
|
|
||||||
|
<para>Regardless of which guide you used, all outbound communcation is
|
||||||
|
open by default. So you do not need to 'open ports' for output.</para>
|
||||||
|
|
||||||
|
<para>For input:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>If you installed using the Standalone Guide, then please
|
||||||
|
<ulink url="standalone.htm#id2499092">re-read this
|
||||||
|
section</ulink>.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>If you installed using the Two-interface Guide, then please
|
||||||
|
re-read these sections: <ulink
|
||||||
|
url="two-interface.htm#id2499962">Port Forwarding (DNAT)</ulink>,
|
||||||
|
and <ulink url="two-interface.htm#id2500428">Other
|
||||||
|
Connections</ulink></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>If you installed using the Three-interface Guide, then please
|
||||||
|
re-read these sections: <ulink
|
||||||
|
url="three-interface.htm#id2499698">Port Forwarding (DNAT)</ulink>
|
||||||
|
and <ulink url="three-interface.htm#id2500224">Other
|
||||||
|
Connections</ulink></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>If you installed using the <ulink
|
||||||
|
url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink> then
|
||||||
|
you had better read the guide again -- you clearly missed a
|
||||||
|
lot.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>Also please see the <link linkend="PortForwarding">Port Forwarding
|
||||||
|
section of this FAQ</link>.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section id="faq4">
|
<section id="faq4">
|
||||||
<title>(FAQ 4) I just used an online port scanner to check my firewall
|
<title>(FAQ 4) I just used an online port scanner to check my firewall
|
||||||
and it shows some ports as <quote>closed</quote> rather than
|
and it shows some ports as <quote>closed</quote> rather than
|
||||||
|
@ -195,14 +195,15 @@
|
|||||||
|
|
||||||
<para><filename>/etc/modprobe.conf.local</filename></para>
|
<para><filename>/etc/modprobe.conf.local</filename></para>
|
||||||
|
|
||||||
<para>See <ulink
|
<para><filename class="devicefile">eth1</filename> (PCI 00:09.0) and
|
||||||
url="http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module">http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module</ulink>
|
<filename class="devicefile">eth2</filename> (PCI 00:0a.0) are
|
||||||
The SuSE 10.1 Xen kernel compiles pciback as a module. <filename
|
delegated to the firewall DomU where they become <filename
|
||||||
class="devicefile">eth1</filename> (PCI 00:09.0) and <filename
|
|
||||||
class="devicefile">eth2</filename> (PCI 00:0a.0) are delegated to the
|
|
||||||
firewall DomU where they become <filename
|
|
||||||
class="devicefile">eth3</filename> and <filename
|
class="devicefile">eth3</filename> and <filename
|
||||||
class="devicefile">eth4</filename> respectively.</para>
|
class="devicefile">eth4</filename> respectively. The SuSE 10.1 Xen
|
||||||
|
kernel compiles pciback as a module so the instructions for PCI
|
||||||
|
delegation in the Xen Users Manual can't be followed directly (see
|
||||||
|
<ulink
|
||||||
|
url="http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module">http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module</ulink>).</para>
|
||||||
|
|
||||||
<programlisting>options pciback hide=(00:09.0)(00:0a.0)
|
<programlisting>options pciback hide=(00:09.0)(00:0a.0)
|
||||||
install tulip /sbin/modprobe pciback ; /sbin/modprobe --first-time --ignore-install tulip
|
install tulip /sbin/modprobe pciback ; /sbin/modprobe --first-time --ignore-install tulip
|
||||||
@ -217,7 +218,7 @@ options netloop nloopbacks=1</programlisting>
|
|||||||
name = "firewall"
|
name = "firewall"
|
||||||
|
|
||||||
# usable ram:
|
# usable ram:
|
||||||
memory = 256
|
memory = 384
|
||||||
|
|
||||||
# kernel and initrd:
|
# kernel and initrd:
|
||||||
kernel = "/xen2/vmlinuz-xen"
|
kernel = "/xen2/vmlinuz-xen"
|
||||||
@ -231,8 +232,6 @@ extra = "3"
|
|||||||
|
|
||||||
# network interface:
|
# network interface:
|
||||||
vif = [ 'mac=aa:cc:00:00:00:02, bridge=xenbr0', 'mac=aa:cc:00:00:00:03, bridge=xenbr1' ]
|
vif = [ 'mac=aa:cc:00:00:00:02, bridge=xenbr0', 'mac=aa:cc:00:00:00:03, bridge=xenbr1' ]
|
||||||
dhcp = 'dhcp'
|
|
||||||
hostname = name
|
|
||||||
# Interfaces deletgated from Dom0
|
# Interfaces deletgated from Dom0
|
||||||
pci=[ '00:09.0' , '00:0a.0' ]
|
pci=[ '00:09.0' , '00:0a.0' ]
|
||||||
|
|
||||||
|